Firewall Exception Request Approval Process

> Home / Office of Information Technology / Information Security Office (ISO) / Firewall Exception Request Approval Process

The completed Firewall Exception Request Form must be submitted to the CCNY Service Desk, this will generate an automated email containing a case number for each request, please retain this for your records.

Once the Firewall Exception Request Form is submitted:

A notification will be sent to the Service Desk and the service record ticket will be generated and sent to the requestor by email.
The Information Security and Network groups will evaluate the form and confer with the requestor, departmental IT systems administrators, and other agents as necessary
- Rules will be evaluated individually and approved or denied based on security and functionality considerations
- Alternative services may be recommended if they are deemed more appropriate (e.g., hosted website, VPN account)
Vulnerability scans of the internal systems will be performed.
- Detected vulnerabilities designated as critical- or high-level must be remediated immediately by the requestor in order for the request to be approved
- Medium- and low-level vulnerabilities should be remediated as soon as possible, approval may be granted on a case-by-case basis
- Campus-wide vulnerabilities scans are performed with some regularity throughout the year, any subsequently reported detections must be remediated by the requestor
  
  Note: The OIT needs administrative access to internal systems to perform a full vulnerability scan. Vulnerability without proper access may result in false-positive results.
A report including the approved Firewall Exception rules will be submitted to the requestor’s Chair/Director and Dean/Vice President for their approval, once approved the firewall exceptions will be provisioned the requestor will be notified, and the service desk ticket will be closed.